Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system.

OK, this sounds like a big deal, but think about this. The rootkit is going to have to have drivers for all the target hardware. Otherwise something isn't going to work right, and then you are going to figure out that you have a rootkit. The whole point of a rootkit is to be stealthy, but who here wouldn't notice pretty quickly if your sound started acting funny or you didn't have 3D acceleration anymore? Not to mention FireWire and USB 2.0 support. I mean, these things don't quite work perfectly in VMware, and you pay for that. Chances of a rootkit getting everything to work without the user noticing: zero.